fix: scaling down etcd

Signed-off-by: redscholar <blacktiledhouse@gmail.com>

Author: redscholar

builtin/core/playbooks/add_nodes.yaml

@@ -36,7 +36,90 @@
     - etcd
   gather_facts: true
   roles:
-    - etcd
+    - role: etcd
+      when:
+        - .etcd.deployment_type | eq "external"
+
+- hosts:
+    - kube_control_plane
+  tasks:
+    - name: AddNodes | Check if should update apiserver certificates
+      run_once: true
+      add_hostvars:
+        hosts: kube_control_plane
+        vars:
+          need_installed_etcd: >-
+            {{- $needInstalled := list -}}
+            {{- range .groups.etcd -}}
+              {{- if and ((index $.hostvars . "etcd_install_LoadState" "stdout") | eq "not-found") ($.delete_nodes | default list | has . | not) -}}
+                {{- $needInstalled = append $needInstalled . -}}
+              {{- end -}}
+            {{- end -}}
+            {{ $needInstalled | toJson }} 
+    - name: AddNodes | Update apiserver etcd certificates
+      when:
+        - .need_installed_etcd | fromJson | empty | not
+        - .etcd.deployment_type | eq "external"
+      block:
+        - name: AddNodes | Copy etcd CA certificate to control plane node
+          copy:
+            src: >-
+              {{ .etcd.ca_file }}
+            dest: /etc/kubernetes/pki/etcd/ca.crt
+        - name: AddNodes | Copy etcd client certificate to control plane node
+          copy:
+            src: >-
+              {{ .etcd.cert_file }}
+            dest: /etc/kubernetes/pki/etcd/client.crt
+        - name: AddNodes | Copy etcd client key to control plane node
+          copy:
+            src: >-
+              {{ .etcd.key_file }}
+            dest: /etc/kubernetes/pki/etcd/client.key
+        - name: AddNodes | update ks-apiserver
+          command: |
+            {{- $endpoints := list -}}
+            {{- range .groups.etcd | default list -}}
+              {{- $endpoints = append $endpoints (printf "https://%s:2379" (index $.hostvars . "internal_ipv4")) -}}
+            {{- end -}}
+            ETCD_ENDPOINTS="{{ join "," $endpoints }}"
+                
+            if ! grep -q 'ClusterConfiguration' /etc/kubernetes/kubeadm-config.yaml 2>/dev/null; then
+              kubectl get cm kubeadm-config -n kube-system -o=jsonpath='{.data.ClusterConfiguration}' > /etc/kubernetes/kubeadm-config.yaml
+            fi
+        
+            awk -v ep="$ETCD_ENDPOINTS" '
+              BEGIN {
+                n = split(ep, arr, ",")
+                for (i = 1; i <= n; i++) {
+                  print "      - " arr[i]
+                }
+              }
+            ' > /etc/kubernetes/kubeadm_new_endpoints.yaml
+            # delete old endpoint
+            sed -i '/^[[:space:]]*endpoints:/{
+              :loop
+              N
+              s/\n[[:space:]]\+-.*//; t loop
+              s/\n[[:space:]]*\n/\n/g
+              P
+              D
+            }' /etc/kubernetes/kubeadm-config.yaml
+            # insert new endpoint
+            sed -i "/^[[:space:]]*endpoints:/r /etc/kubernetes/kubeadm_new_endpoints.yaml" /etc/kubernetes/kubeadm-config.yaml        
+            rm /etc/kubernetes/kubeadm_new_endpoints.yaml
+            # update kubeadm-config
+            {{- if .kubernetes.kube_version | semverCompare "<v1.27.0" }}
+            kubeadm config upload from-file --config /etc/kubernetes/kubeadm-config.yaml
+            {{- else }}
+            kubeadm init phase upload-config kubeadm --config /etc/kubernetes/kubeadm-config.yaml
+            {{- end }}
+            # regenerate kube-apiserver
+            {{- if .kubernetes.kube_version | semverCompare "<v1.27.0" }}
+            kubeadm init phase control-plane apiserver --config /etc/kubernetes/kubeadm-config.yaml
+            {{- else }}
+            kubeadm init phase control-plane apiserver
+            {{- end }}
 
 - hosts:
     - k8s_cluster

builtin/core/playbooks/create_cluster.yaml

@@ -35,7 +35,8 @@
 - hosts:
     - etcd
   roles:
-    - etcd
+    - role: etcd
+      when: .etcd.deployment_type | eq "external"
 
 # Install the private image registry
 - hosts:

builtin/core/playbooks/delete_cluster.yaml

@@ -31,8 +31,10 @@
 - hosts:
     - etcd
   roles:
-    - role: uninstall/etcd
-      when: .delete.etcd
+    - role: etcd/scaling_down
+      when:
+        - .delete.etcd
+        - .etcd.deployment_type | eq "external"
 
 - hosts:
    - image_registry

builtin/core/playbooks/delete_nodes.yaml

@@ -11,10 +11,17 @@
     - defaults
     - precheck
 
+- hosts:
+    - etcd
+  roles:
+    - role: etcd
+      when: 
+        - .delete.etcd
+        - .etcd.deployment_type | eq "external"
+
 - hosts:
     - kube_control_plane
-  gather_facts: true
-  tasks:
+  pre_tasks:
     - name: DeleteNode | Ensure at least one control plane node remains in the cluster
       run_once: true
       command: |
@@ -28,6 +35,90 @@
         echo "At least one control plane node must be retained in the cluster." >&2
         exit 1
         {{- end }}
+  tasks:
+    - name: DeleteNode | Update etcd certificate for kube_control_plane
+      when: 
+        - .delete.etcd
+        - .etcd.deployment_type | eq "external"
+      block:
+        - name: DeleteNode | Check if should update apiserver certificates
+          run_once: true
+          add_hostvars:
+            hosts: kube_control_plane
+            vars:
+              need_uninstall_etcd: >-
+                {{- $needUnInstalled := list -}}
+                {{- range .groups.etcd -}}
+                  {{- if $.delete_nodes | default list | has . -}}
+                    {{- $needUnInstalled = append $needUnInstalled . -}}
+                  {{- end -}}
+                {{- end -}}
+                {{ $needUnInstalled | toJson }}  
+        - name: DeleteNode | Update apiserver etcd certificates
+          when:
+            - .need_uninstall_etcd | fromJson | empty | not
+          block:
+            - name: DeleteNode | Copy etcd CA certificate to control plane node
+              copy:
+                src: >-
+                  {{ .etcd.ca_file }}
+                dest: /etc/kubernetes/pki/etcd/ca.crt
+            - name: DeleteNode | Copy etcd client certificate to control plane node
+              copy:
+                src: >-
+                  {{ .etcd.cert_file }}
+                dest: /etc/kubernetes/pki/etcd/client.crt
+            - name: DeleteNode | Copy etcd client key to control plane node
+              copy:
+                src: >-
+                  {{ .etcd.key_file }}
+                dest: /etc/kubernetes/pki/etcd/client.key
+            - name: DeleteNode | update ks-apiserver
+              command: |
+                {{- $endpoints := list -}}
+                {{- range .groups.etcd | default list -}}
+                  {{- if $.need_uninstall_etcd | fromJson | has . | not -}}
+                    {{- $endpoints = append $endpoints (printf "https://%s:2379" (index $.hostvars . "internal_ipv4")) -}}
+                  {{- end -}}
+                {{- end -}}
+                ETCD_ENDPOINTS="{{ join "," $endpoints }}"
+
+                if ! grep -q 'ClusterConfiguration' /etc/kubernetes/kubeadm-config.yaml 2>/dev/null; then
+                  kubectl get cm kubeadm-config -n kube-system -o=jsonpath='{.data.ClusterConfiguration}' > /etc/kubernetes/kubeadm-config.yaml
+                fi
+
+                awk -v ep="$ETCD_ENDPOINTS" '
+                  BEGIN {
+                    n = split(ep, arr, ",")
+                    for (i = 1; i <= n; i++) {
+                      print "      - " arr[i]
+                    }
+                  }
+                ' > /etc/kubernetes/kubeadm_new_endpoints.yaml
+                # delete old endpoint
+                sed -i '/^[[:space:]]*endpoints:/{
+                  :loop
+                  N
+                  s/\n[[:space:]]\+-.*//; t loop
+                  s/\n[[:space:]]*\n/\n/g
+                  P
+                  D
+                }' /etc/kubernetes/kubeadm-config.yaml
+                # insert new endpoint
+                sed -i "/^[[:space:]]*endpoints:/r /etc/kubernetes/kubeadm_new_endpoints.yaml" /etc/kubernetes/kubeadm-config.yaml        
+                rm /etc/kubernetes/kubeadm_new_endpoints.yaml
+                # update kubeadm-config
+                {{- if .kubernetes.kube_version | semverCompare "<v1.27.0" }}
+                kubeadm config upload from-file --config /etc/kubernetes/kubeadm-config.yaml
+                {{- else }}
+                kubeadm init phase upload-config kubeadm --config /etc/kubernetes/kubeadm-config.yaml
+                {{- end }}
+                # regenerate kube-apiserver
+                {{- if .kubernetes.kube_version | semverCompare "<v1.27.0" }}
+                kubeadm init phase control-plane apiserver --config /etc/kubernetes/kubeadm-config.yaml
+                {{- else }}
+                kubeadm init phase control-plane apiserver
+                {{- end }}
 
 - hosts: 
     - k8s_cluster
@@ -67,14 +158,6 @@
         - .delete.dns
         - .delete_nodes | default list | has .inventory_hostname
 
-- hosts:
-    - etcd
-  roles:
-    - role: uninstall/etcd
-      when: 
-        - .delete.etcd
-        - .delete_nodes | default list | has .inventory_hostname
-
 - hosts:
    - image_registry
   roles:

builtin/core/roles/defaults/vars/v1.31.yaml

@@ -89,4 +89,3 @@ image_manifests:
   - docker.io/openebs/linux-utils:4.1.0
   - docker.io/openebs/provisioner-localpv:4.1.0
   - quay.io/tigera/operator:v1.34.5
-

…tin/core/roles/etcd/files/backup.service …/roles/etcd/install/files/backup.servicebuiltin/core/roles/etcd/files/backup.service renamed to builtin/core/roles/etcd/install/files/backup.service builtin/core/roles/etcd/files/backup.service renamed to builtin/core/roles/etcd/install/files/backup.service

@@ -12,11 +12,6 @@
       loop:
        - "{{ .etcd.env.data_dir }}"
 
-- name: Install | Generate etcd environment configuration file
-  template:
-    src: etcd.env
-    dest: /etc/etcd.env
-
 - name: Install | Deploy etcd systemd service file
   copy:
     src: etcd.service

…iltin/core/roles/etcd/files/etcd.service …re/roles/etcd/install/files/etcd.servicebuiltin/core/roles/etcd/files/etcd.service renamed to builtin/core/roles/etcd/install/files/etcd.service builtin/core/roles/etcd/files/etcd.service renamed to builtin/core/roles/etcd/install/files/etcd.service

@@ -0,0 +1,4 @@
+---
+- include_tasks: install.yaml
+
+- include_tasks: backup_service.yaml